- Why would I want an impairment system? I have enough trouble fixing bugs reported by customers, issuing patches and adding new features.
- What kind of impairments can I do with Maxwell?
- I read that Maxwell allows the user to create a packet and selectively insert it into the flow? Why would I want to do that? Can you provide an example?
- How can you have multiple impairment sessions when you only have two interfaces?
- Well... how can Maxwell do that? How can it keep track of thousands of sessions?
- What does Maxwell look like to the devices on the network? Is it like a router?
- If Maxwell does not have an IP address, then how do you control Maxwell?
- Okay. If it is a bridge at layer two, can I modify MAC addresses on traffic going through Maxwell?
- What about VLANS?
- What about IP tunnels?
- What about encrypted tunnels?
- It seems that Maxwell is limited to two 10/100/1000 Ethernet interfaces, so you have no solution for introducing impairments for DS3, E3, OC-3, and OC-12?
- Where does Maxwell fit with other impairment products?
Q Why would I want an impairment system? I have enough trouble fixing bugs reported by customers, issuing patches and adding new features.
A The Internet is becoming a utility and the users of that utility want five nines reliability. This can only be achieved with more thorough testing of network products and applications under adverse conditions. In addition to normal outages, these conditions also include malevolent attacks and disruptions. Each network-enabled product or application had better withstand these adverse conditions and behave appropriately, whether that means discarding packets in a DoS attack, or backing off in a congested network situation, or another kind of behavior. In no case should the product crash or allow security to be compromised.
A You can do all the conventional impairments and you can create your own.
The conventional impairments include: packet delay, loss, duplication, jitter, re-ordering, fragmentation, burst errors, and all their variations.
The more important and interesting impairments are the ones that exercise network protocols.
Here are two examples of creating your own impairments for testing video products, such as video conferencing systems. Video conferencing systems typically use the Real-Time Protocol (RTP).
In the RTP protocol, you could delete the Marker bit (the "M" bit) from the header of a video stream. The M bit indicates that the packets following it are video packets and must be played in the proper order at the destination device. If the marker bit is removed or corrupted, what is the effect on the destination device? Will it generate an error message for the user? Will it play the video packets out of order, thereby producing a distorted film? Will it simply reject the packet stream? Or, will the device crash?
Another part of the RTP protocol is the Synchronization Source Identifier (SSRC). This is a randomly generated number that is independent of the network address. In a video conference of five participants, there would be five SSRCs, each one identifying a unique participant's communication. In this scenario, Maxwell could identify two different streams of RTP packets and change the SSRC numbers to be identical. The end device should properly detect the duplicate identifiers in the streams and avoid collision.
A Yes. Your objective is to make sure that the product you are developing is sufficiently robust to handle any series of packets that it receives. Your product should exhibit the proper behavior, whether that is to discard the packet(s), generate an error message, or time out.
Using the "M" bit example from RTP, you could insert an extra packet before the "M" bit, duplicate the "M" bit packet, or insert an extra packet after the "M" bit. The destination device receiving the flow of RTP packets should not crash, but instead, exhibit the proper behavior.
In the Transmission Control Protocol (TCP), you could insert a reset packet. By inserting a reset packet in the middle of a TCP connection, the receiving device might reset. The receiving device should check that the reset packet is valid before executing it.
Thus, the ability to insert packets and change their contents allows you to more thoroughly test your product.
A Maxwell can detect and track sessions independently of the physical interface that may be associated with the session. Maxwell only has to be astride the path between any number of sources or destinations. Think of a session as containing one source IP address and port number and one destination IP address and port number. Now think of thousands of sessions. Maxwell can handle thousands of sessions. Maxwell can detect a session on a T3 circuit, for example, without having any kind of T3 interface, or connecting to the T3 interface.
Furthermore, Maxwell can identify a session in several ways; besides the source and destination IP address, Maxwell can detect the session or flow, based on port numbers, VLAN tags, protocol types, packet payload contents, IEEE 802 header information, and many other criteria.
In addition, Maxwell can detect the session at any point in the session, not just at the beginning. For example, Maxwell can detect a video conferencing session well into the session based on the SSRC. Other products are quite limited and can only identify traffic based on the physical interface of the devices in use.
A Maxwell uses state machines to keep track of all the sessions.
A Maxwell is invisible to the other devices on the network. The other devices do not perceive Maxwell as a "neighbor" with an IP address, nor is it the next "hop" in the network. Maxwell functions like a layer 2 or 3 device. Maxwell is not like a router; Maxwell functions more like a bridge.
A Maxwell has a separate physical interface with an IP address that is used for control purposes. Maxwell has a total of three Ethernet interfaces, two of which are used for emulation (bound to the Maxwell daemon rather than an IP stack) and the third is bound to an IP stack for management and control.
A Yes. Maxwell can change the MAC address, duplicate the MAC address, insert an illegal MAC address, and inspect MAC addresses matching certain criteria, and then select their associated packets for special processing, such as changing the contents.
A Maxwell can move packets from one tagged VLAN to another. Maxwell can move packets from a tagged VLAN to an untagged VLAN. Maxwell has full capabilities to manipulate IEEE VLAN headers.
A Maxwell understands IP within IP. Maxwell can view and manipulate nested IP headers independently of one another. Maxwell can also work with TCP and IP inside IP.
A If you provide Maxwell the decryption keys, it can perform the classic man-in-the-middle attack.
A The other physical interfaces are not required. Nearly all clients and servers are Ethernet based. When they connect to other high performance networks with higher speed media, they nearly always do so via a router. Maxwell does not require a physical interface to a particular type of media to track and impair sessions traversing that media.
A In network impairment testing, there are modelers, emulators, and simulators. They all have different roles to play.
Network modelers represent phenomenon as a set of mathematical equations. A network modeler lets you define traffic volumes, flows, network architectures, etc. So you can visualize the application performance, and do "what-if" analysis. Modelers do not deal with real traffic; no packets flow through a modeler. OpNet is an example of a modeler.
Simulators generate test conditions approximating actual or operational conditions. Simulators rely on mathematical formulas to determine behavior.
For example, an SNMP agent simulator running on an inexpensive PC, would simulate the behavior of the SNMP agent inside an expensive router. You could query this simulated SNMP agent for the values of MIB objects. Or the simulated agent could send an alarm that a link was down. However, the values would not be real and there is no real link that is down. So, what is simulated is the behavior of an agent, but not a real link down condition, or the real value of a MIB object in the router.
A network simulator uses mathematical models to simulate, for example, a frame relay connection. It appears to the client-server application that it is operating over a frame relay "cloud", however, it is really running over a mathematical model that has made several assumptions about how frame relay connections operate. Shunra is an example of a simulator.
An emulator imitates the function of (another system), as by modifications to hardware, software, or network activity that allow the imitating system (the emulator) to accept the same data, execute the same programs, and achieve the same results as the imitated system.
Maxwell is an emulator because it can, for example, behave like one part of a TCP session; Maxwell imitates the device that would normally be on one side of the session. Emulation tricks the software into believing that one device is really some other device. Some router companies, for example, emulate Cisco’s IOS, so that their router behaves like a Cisco router. Some printer companies emulate HP printers so that their printer is compatible with all the applications and drivers that the HP printer supports.